-
Notifications
You must be signed in to change notification settings - Fork 4
Home
saju edited this page Sep 13, 2010
·
5 revisions
Mod_Auth_Remote – remote authentication module for apache 2.2
Author: Saju Pillai (saju.pillai@gmail.com)
mod_auth_remote is as an authentication provider. mod_auth_remote is configured with an authentication server url. The authentication server url is an application usually hosted by another webserver or webservice which is responsible for the actual authentication of users. mod_auth_remote accepts HTTP BASIC authentication requests and proxies a HTTP BASIC Auth ‘HEAD’ request to the authentication server url on the local requests behalf. The authentication server may allow or decline authentication based on it’s policy. If the response from the authentication server is a SUCCESS code (2XX), mod_auth_remote will grant AUTHENTICATION on the local server. For all other responses mod_auth_remote will deny local AUTHENTICATION. Using mod_auth_remote gives you the following advantages- Simple way to implement Single-Signon. Same set of credentials can be used by
many applications/webservers.
- No need to replicate your authentication framework to all your applications
- No need to punch holes through your firewall for sql access or ldap access as part ofAuthentication server need not be publicly accessible to actual clients
your authentication setup.
-
— Tweak your authentication mechanism and ACLs without touching the fronting webservers
- A single webserver can have different URLs/applications authenticating from many
different authentication servers without duplicating any of their configuration or code.
- If you use mod_auth_remote’s AuthRemoteCookie support you can decrease load on the
authenticating servers drastically, as only 1 backend authentication per session is required.